nginx reverse proxy for Google

Environment: Junge's (军哥) LNMP. Configure the SSL certificate first.

server
    {
        listen 443 ssl http2;
        #listen [::]:443 ssl http2;
        server_name www.123.com 123.com;

        ssl_certificate /usr/local/nginx/conf/ssl/xxxxxxxx.cer;
        ssl_certificate_key /usr/local/nginx/conf/ssl/xxxxxxxxxx.key;
        ssl_session_timeout 5m;
        # TLSv1 and TLSv1.1 are deprecated (RFC 8996); keep them only if legacy clients require them.
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
        ssl_prefer_server_ciphers on;
        ssl_ciphers "TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5";
        ssl_session_cache builtin:1000 shared:SSL:10m;
        # openssl dhparam -out /usr/local/nginx/conf/ssl/dhparam.pem 2048
        ssl_dhparam /usr/local/nginx/conf/ssl/dhparam.pem;

        location / {
            proxy_pass https://www.google.com;
            proxy_redirect off;
            sub_filter_once off;
            sub_filter "www.google.com" "123.com";
            proxy_set_header Host "www.google.com";
            proxy_set_header Referer $http_referer;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header User-Agent $http_user_agent;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto https;
            proxy_set_header Accept-Encoding "";
            proxy_set_header Accept-Language "zh-CN";
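            proxy_cookie_domain www.google.com 123.com;
            # The fixed Cookie header below replaces whatever cookie the client sent, so every visitor shares one upstream PREF cookie.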
            proxy_set_header Cookie "PREF=ID=047808f19f6de346:U=0f62f33dd8549d11:FF=2:LD=en-US:NW=1:TM=1325338577:LM=1332142444:GM=1:SG=2:S=rE0SyJh2W1IQ-Maw";
        }
    }

server
    {
        listen 80;
        server_name www.123.com 123.com;
        return 301 https://123.com$request_uri;
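    }

nginx reverse proxy for HTTPS

Goal: the origin site is served over HTTPS, and the reverse proxy is also accessed over HTTPS.

Using Junge's LNMP, the reverse proxy configuration is as follows: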

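location / {
        proxy_pass        https://123.com;
        # ORIGIN_SERVER_IP is a placeholder for the origin server's IP address.
        proxy_set_header   X-Real-IP ORIGIN_SERVER_IP;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header   Referer https://123.com;
        proxy_set_header REMOTE-HOST $remote_addr;
        add_header X-Cache $upstream_cache_status;
        # Request uncompressed responses so that sub_filter can rewrite the body.
        proxy_set_header Accept-Encoding "";
        sub_filter "123.com" "123.net";
        sub_filter_once off;
        expires 12h;
    }

nginx reverse proxy for 1024, with nginx load balancing

When reverse-proxying 1024 with nginx, using a single VPS and a single IP means that once traffic grows, visitors start hitting CAPTCHAs, so load balancing is used to spread the traffic.

The nginx configuration template for the front-end server 192.168.1.2 is as follows: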

upstream 1024 {
    ip_hash; # Hash the client IP and map it to the corresponding server.
    server 192.168.1.3 weight=1 max_fails=3 fail_timeout=5;
    server 192.168.1.4 weight=1 max_fails=3 fail_timeout=5;
    server 192.168.1.5 weight=1 max_fails=3 fail_timeout=5;
    server 192.168.1.6 weight=1 max_fails=3 fail_timeout=5;
}

server {
        listen 80;
        server_name test.com www.test.com;

    location / {
        proxy_pass http://1024; # Must match the upstream name defined above.
        proxy_redirect off; 
        proxy_set_header User-Agent $http_user_agent;
        proxy_set_header Referer http://www.t66y.com;
        proxy_set_header Accept-Encoding "";
        sub_filter "www.t66y.com" "www.test.com";
        sub_filter_once off;
        }

    access_log /root/test.com.log;
    error_log /root/test.com.error.log;
}

Disabling IPv6 on CentOS 6

I found several methods online and combined them here.

1. Edit /etc/sysconfig/network and append:

NETWORKING_IPV6=no
IPV6_AUTOCONF=no

2. Edit /etc/hosts and remove the IPv6 localhost name-resolution line:

#::1 localhost localhost6 localhost6.localdomain6

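3. Prevent the system from loading the IPv6 modules. This requires changing the modprobe configuration; for easier management, create a new file /etc/modprobe.d/ipv6off.conf (any name works) with the following content: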

alias net-pf-10 off
alias ipv6 off
options ipv6 disable=1

Add the following to /etc/sysctl.conf:

net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
net.ipv6.conf.eth0.disable_ipv6 = 1

Finally, reboot the VPS and verify with the commands below; no output means IPv6 was disabled successfully.

lsmod | grep -i ipv6

ifconfig | grep -i inet6
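
The file edits above as one idempotent script, added here as an example rather than taken from the original post. The function names and the optional ROOT path prefix (for trying it against a scratch directory first) are assumptions of this example, and it relies on GNU sed as shipped with CentOS.

```sh
#!/bin/sh
# Added example: the file edits from the steps above, applied idempotently.
# ROOT is an optional path prefix (hypothetical argument); empty means the live system.

# "file|line" pairs taken from the steps above
settings() {
    cat <<'EOF'
/etc/sysconfig/network|NETWORKING_IPV6=no
/etc/sysconfig/network|IPV6_AUTOCONF=no
/etc/modprobe.d/ipv6off.conf|alias net-pf-10 off
/etc/modprobe.d/ipv6off.conf|alias ipv6 off
/etc/modprobe.d/ipv6off.conf|options ipv6 disable=1
/etc/sysctl.conf|net.ipv6.conf.all.disable_ipv6 = 1
/etc/sysctl.conf|net.ipv6.conf.default.disable_ipv6 = 1
/etc/sysctl.conf|net.ipv6.conf.lo.disable_ipv6 = 1
/etc/sysctl.conf|net.ipv6.conf.eth0.disable_ipv6 = 1
EOF
}

# apply_ipv6_off [ROOT]: append each setting only if the exact line is absent
apply_ipv6_off() {
    root=${1:-}
    settings | while IFS='|' read -r file line; do
        mkdir -p "$(dirname "$root$file")"
        touch "$root$file"
        grep -qxF -- "$line" "$root$file" || printf '%s\n' "$line" >> "$root$file"
    done
    # Step 2: comment out the active ::1 entry; an already commented line is left alone
    if [ -f "$root/etc/hosts" ]; then
        sed -i 's/^::1[[:space:]]/#&/' "$root/etc/hosts"
    fi
}

# list_missing [ROOT]: print every setting that is still absent (no output = all applied)
list_missing() {
    root=${1:-}
    settings | while IFS='|' read -r file line; do
        grep -qxF -- "$line" "$root$file" 2>/dev/null || echo "$file: $line"
    done
    if grep -q '^::1[[:space:]]' "$root/etc/hosts" 2>/dev/null; then
        echo "/etc/hosts: ::1 entry still active"
    fi
}
```

Calling apply_ipv6_off with no argument as root edits the live files; the reboot and the lsmod and ifconfig checks are still needed afterwards.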

 

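ASRock H97M Pro4 1.90D BIOS with 4-core multiplier lock

ASRock H97M Pro4 1.9D BIOS with the 4-core multiplier lock; see the image below for the result.

Original 1.9D BIOS, download link: https://pan.baidu.com/s/1kUXkZCr

Original 1.9D BIOS, mirror download link: http://dl1.junlin.li/bios/H97MP41.90D

BIOS flashing instructions: http://www.asrock.cn/support/BIOSIG.cn.asp?cat=BIOS8

The BIOS below was modified by an expert at bios之家 and has the Lenovo SLIC added.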

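http://dl1.junlin.li/bios/H97M%20PRO4-Lenovo2.3.rar

nginx reverse proxy for an HTTPS website

The origin site being proxied has SSL enabled and forces HTTPS. The environment for this configuration is Junge's lnmp1.5.

The configuration template is below. First add the virtual host with lnmp vhost add, which also sets up a free Let's Encrypt SSL certificate automatically. The origin site is www.a.com and the reverse proxy site is www.b.com.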

server
    {
        listen 443 ssl http2;
        #listen [::]:443 ssl http2;
        server_name www.b.com;

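        # "ssl on;" dropped: "listen 443 ssl" already enables TLS, and the ssl directive is deprecated since nginx 1.15.0.
        ssl_certificate /usr/local/nginx/conf/ssl/www.b.com/fullchain.cer;
        ssl_certificate_key /usr/local/nginx/conf/ssl/www.b.com/www.b.com.key;
        ssl_session_timeout 5m;
        # TLSv1 and TLSv1.1 are deprecated (RFC 8996); keep them only if legacy clients require them.
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;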
        ssl_prefer_server_ciphers on;
        ssl_ciphers "EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5";
        ssl_session_cache builtin:1000 shared:SSL:10m;
        # openssl dhparam -out /usr/local/nginx/conf/ssl/dhparam.pem 2048
        ssl_dhparam /usr/local/nginx/conf/ssl/dhparam.pem;

    location / {
        proxy_pass        https://www.a.com;
        # ORIGIN_SERVER_IP is a placeholder for the origin server's IP address.
        proxy_set_header   X-Real-IP ORIGIN_SERVER_IP;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header   Referer https://www.a.com;
        proxy_set_header REMOTE-HOST $remote_addr;
        add_header X-Cache $upstream_cache_status;
        # Request uncompressed responses so that sub_filter can rewrite the body.
        proxy_set_header Accept-Encoding "";
        sub_filter "www.a.com" "www.b.com";
        sub_filter_once off;
        expires 12h;
    }

    access_log  /root/log/www.b.com.log;
}

server
        {
        listen 80;
        server_name www.b.com;
        return 301 https://www.b.com$request_uri;
}
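
The ssl_protocols and ssl_ciphers lines in this configuration, and in the Google reverse-proxy configuration at the top of the page, still enable TLS 1.0/1.1, 3DES and RSA key exchange. The audit below is an added example, not part of the original post; the function names are assumptions, and the sample input is the two TLS lines copied from the www.b.com server block.

```sh
#!/bin/sh
# Added example: flag legacy TLS settings in nginx configuration text.

# audit_tls [FILE]: read FILE (or stdin) and print "LINE:finding" per weak setting
audit_tls() {
    awk '
    $1 ~ /^#/ { next }                      # ignore commented-out directives
    $1 == "ssl_protocols" {
        for (i = 2; i <= NF; i++) {
            p = $i; sub(/;$/, "", p)
            if (p == "SSLv2" || p == "SSLv3" || p == "TLSv1" || p == "TLSv1.1")
                printf "%d:deprecated protocol %s\n", NR, p
        }
    }
    $1 == "ssl_ciphers" {
        s = $2; gsub(/[";]/, "", s)         # strip quotes and the trailing semicolon
        n = split(s, c, ":")
        for (i = 1; i <= n; i++) {
            if (c[i] ~ /^!/) continue       # "!X" excludes a cipher, which is fine
            if (c[i] ~ /3DES|RC4|MD5|NULL|EXPORT/)
                printf "%d:weak cipher %s\n", NR, c[i]
            else if (c[i] ~ /^RSA\+/)       # RSA key exchange: no forward secrecy
                printf "%d:no forward secrecy %s\n", NR, c[i]
        }
    }' ${1:+"$1"}
}

# Sample input: the two TLS lines from the www.b.com server block above
sample_conf() {
    cat <<'EOF'
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers "EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5";
EOF
}

# Prints six findings: two protocols, two RSA key-exchange entries, two 3DES entries
sample_conf | audit_tls
```

A line such as "ssl_protocols TLSv1.2 TLSv1.3;" with only EECDH entries in ssl_ciphers produces no findings, assuming every client of the proxy supports TLS 1.2 or later.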

 

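This method does not work for reverse-proxying Google. Reverse-proxying Google is more troublesome, mainly because it triggers CAPTCHAs. This depends on the VPS IP; my guess is that Google has blocked certain IP ranges, mistaking them for bots.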

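Manually installing the modified BBR on CentOS 6

References
Original modified-BBR thread: http://www.hostloc.com/thread-372277-1-2.html
Beginner tutorial: http://www.hostloc.com/thread-372335-1-1.html

This only applies to 64-bit CentOS 6 systems with kernel 4.12 or lower; kernel 4.13 does not support this method.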

Manually update the kernel

rpm -ivh http://dl1.junlin.li/bbr/kernel-ml-4.12.10-1.el6.elrepo.x86_64.rpm

After the kernel update completes, edit the boot file /boot/grub/grub.conf: find default=1 and change the 1 to 0.

Save and reboot the VPS.

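Enabling an HTTPS reverse proxy for Google with nginx

Based on the original author's post https://blog.linuxeye.cn/449.html, I put together an installation procedure that suits my own use.

The original post uses a Let's Encrypt SSL certificate; I applied for a free one-year AlphaSSL certificate (which can no longer be requested).

You can buy a Comodo PositiveSSL certificate at https://www.gogetssl.com/domain-validation/comodo-positivessl/ ; three years costs only a dozen or so US dollars.

I use a 64-bit CentOS 6 system; for other systems you will have to work it out yourself.

First update the system, then reboot the VPS.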

yum -y update

Then install some basic software.

yum -y install screen unzip wget ntpdate curl python
screen -S lnmp
wget -c http://mirrors.linuxeye.com/oneinstack-full.tar.gz && tar xzf oneinstack-full.tar.gz && cd oneinstack && ./install.sh

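When installing the oneinstack one-click package, the first step asks you to change the default SSH port. Enter any port, as long as it does not conflict with commonly used ports.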